Would you like to browse your code in an interface that you are familiar with but that isn’t supported as a Source Code Provider for Chef Automate? Look no further! This guide will teach you how to publish your Git master branch to a remote Git master branch during the Publish phase of the Chef Automate pipeline.
The Publish phase is intended to be used to “publish” the code/artifacts from your pipeline to a location that other phases or stages can consume. The default publish recipe can be found in your project here
As you can see, the actions that take place in this phase are defined in the delivery-truck cookbook’s publish recipe and the places that your code/artifacts are published are defined in your .delivery/config.json file. For a full list of these options see here.
Methods of Publishing to Git Repositories
Method 1 - Using
WARNING: This method uses encrypted data bags and, by extension, shared key encryption.
Method 2 - Using Chef Vault and
In delivery-truck’s publish recipe we can see that the custom resource delivery_github is called. Since we include delivery-truck in our recipe, this custom resource is available for us to use as well.
We can see from line 107 that the secrets hash is passed into the deploy_key attribute. If we look at where this variable is set on line 103, we can see it is set by the get_project_secrets method. Since we do not want to use shared key encryption or, by extension, encrypted data bags, we will need to find another way to get this deploy_key value. One way of achieving this is via Chef Vault.
If you follow the recommendations in my blog post about using Chef Vaults in Automate you will have everything you need to add this deploy_key attribute to your project’s Chef Vault.
Just add the following key/value pairs to the ent_name-org_name-project_name vault under the workflow-vaults data bag on the Automate Chef Server:
```json
"git_repo_url": "ssh://email@example.com/<project-name>/<repo-name>",
"git_private_key": "PRIVATE KEY OF YOUR GIT USER",
```
Then you would add the following to your publish recipe (after the code snippet from my blog post):
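```ruby
# INSERT CODE SNIPPET FROM BLOG POST HERE

# git_repo is the resource name and must already be defined earlier in the recipe.
delivery_github git_repo do
  # Private key and remote URL come from the project's Chef Vault item
  deploy_key vault_data['git_private_key']
  branch node['delivery']['change']['pipeline']
  remote_url vault_data['git_repo_url']
  repo_path node['delivery']['workspace']['repo']
  cache_path node['delivery']['workspace']['cache']
  action :push
end
```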
Doing so will allow you to publish your code to a Git repository without relying on shared key encryption.
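Before handing the vault values to delivery_github, it helps to check them so a half-filled vault item fails the Publish phase with a clear message instead of a failed push. The following is an added example, not code from delivery-truck or from the original post; the helper name `publish_secret_problems` and the sample data are hypothetical, and it assumes the key is stored PEM-encoded with embedded newlines.

```ruby
require 'uri'

# Added example: hypothetical helper, not part of delivery-truck.
REQUIRED_KEYS = %w(git_repo_url git_private_key).freeze
PEM_KEY = /\A-----BEGIN ([A-Z ]*)PRIVATE KEY-----\n.+\n-----END \1PRIVATE KEY-----\n?\z/m

# Returns a list of problems with the vault item; an empty list means usable.
# Messages name the offending key but never include its value, so nothing
# secret ends up in the phase log.
def publish_secret_problems(vault_data)
  problems = []
  REQUIRED_KEYS.each do |key|
    value = vault_data[key]
    problems << "#{key} is missing or empty" unless value.is_a?(String) && !value.strip.empty?
  end
  return problems unless problems.empty?

  begin
    uri = URI.parse(vault_data['git_repo_url'])
    problems << 'git_repo_url must use the ssh scheme' unless uri.scheme == 'ssh'
    problems << 'git_repo_url has no host' if uri.host.nil? || uri.host.empty?
    problems << 'git_repo_url must not embed a password' if uri.password
  rescue URI::InvalidURIError
    problems << 'git_repo_url is not a valid URI (placeholder left in?)'
  end

  unless PEM_KEY.match?(vault_data['git_private_key'])
    problems << 'git_private_key is not a PEM-encoded private key'
  end
  problems
end

# Constructed sample data; the key body is not a real key.
SAMPLE_OK = {
  'git_repo_url' => 'ssh://git@git.example.com/my-project/my-repo',
  'git_private_key' => "-----BEGIN OPENSSH PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END OPENSSH PRIVATE KEY-----\n",
}.freeze
SAMPLE_PLACEHOLDER = {
  'git_repo_url' => 'ssh://git@git.example.com/<project-name>/<repo-name>',
  'git_private_key' => 'PRIVATE KEY OF YOUR GIT USER',
}.freeze

if __FILE__ == $PROGRAM_NAME
  p publish_secret_problems(SAMPLE_OK)
  p publish_secret_problems(SAMPLE_PLACEHOLDER)
end
```

In a recipe, raise with the joined messages when the returned list is not empty, before the delivery_github resource is declared.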